Open proxy relay in valyu-proxy: no path allow-list #34
Status: Open
- Context: Cloud / Both
- Category: Vulnerability (Server-Side Request Forgery / Privilege Escalation)
- Severity: High
Evidence
```ts
// app/api/valyu-proxy/route.ts
const body = await request.json();
// `path` and `method` come straight from the caller's JSON body
const { path, method, body: requestBody } = body;
if (!path) {
  return NextResponse.json({ error: "invalid_request", message: "Missing path parameter" }, { status: 400 });
}
const appUrl = process.env.VALYU_APP_URL || "https://platform.valyu.ai";
const proxyUrl = `${appUrl}/api/oauth/proxy`;
// The upstream call carries the server's own bearer token; only the presence
// of `path` was checked above, not its value.
const response = await fetch(proxyUrl, {
  method: "POST",
  headers: { Authorization: `Bearer ${accessToken}`, ... },
  body: JSON.stringify({ path, method: method || "POST", body: requestBody }),
});
```

The path parameter is accepted from the request body without any validation or allow-list. An authenticated user (or any unauthenticated request if the check is bypassed via self-hosted mode) can send arbitrary path values to be forwarded to platform.valyu.ai.
Attack scenario: A user sends path: "/v1/admin/users" or path: "/v1/billing/refund", i.e. any endpoint the OAuth token has scopes for. The proxy blindly forwards it with the server's own Authorization header.
Affected files: app/api/valyu-proxy/route.ts
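One way to close the gap described above, as an added example rather than code from the valyu-proxy project: validate the caller-supplied path and method against an explicit allow-list before the route forwards anything upstream. The ALLOWED_ROUTES entries are hypothetical placeholders, not real platform paths; the check returns the canonical path so the handler forwards that value rather than the raw input.

```typescript
// Added example (not code from the valyu-proxy project): an allow-list check
// to run on the caller-supplied path/method before the route forwards them
// upstream. ALLOWED_ROUTES below is a hypothetical placeholder, not real paths.
const ALLOWED_ROUTES: Record<string, ReadonlySet<string>> = {
  "/v1/example/search": new Set(["POST"]),
  "/v1/example/profile": new Set(["GET"]),
};

type ProxyCheck =
  | { ok: true; path: string; method: string }
  | { ok: false; reason: string };
// Returns the normalized path and method to forward, or a rejection reason.
function checkProxyRequest(path: unknown, method: unknown): ProxyCheck {
  if (typeof path !== "string" || path.length === 0) {
    return { ok: false, reason: "path must be a non-empty string" };
  }
  let m = "POST"; // the route's existing default
  if (typeof method === "string") {
    m = method.toUpperCase();
  } else if (method !== undefined) {
    return { ok: false, reason: "method must be a string" };
  }
  // Decode first so "%2e%2e" or "%3F" cannot hide a dot segment or a query.
  let decoded: string;
  try {
    decoded = decodeURIComponent(path);
  } catch {
    return { ok: false, reason: "path is not valid percent-encoding" };
  }
  // Only a plain relative path is acceptable: absolute URLs, scheme-relative
  // "//host", queries, fragments and whitespace are all rejected outright.
  if (!decoded.startsWith("/") || decoded.startsWith("//")) {
    return { ok: false, reason: "path must be a relative path" };
  }
  if (/[?#\s]/.test(decoded)) {
    return { ok: false, reason: "path must not contain a query, fragment or whitespace" };
  }
  // Resolve "." and ".." segments against a dummy origin, then compare the
  // canonical pathname exactly against the allow-list.
  const normalized = new URL(decoded, "http://placeholder.invalid").pathname;
  const allowedMethods = ALLOWED_ROUTES[normalized];
  if (!allowedMethods) {
    return { ok: false, reason: `path not in allow-list: ${normalized}` };
  }
  if (!allowedMethods.has(m)) {
    return { ok: false, reason: `method ${m} not allowed for ${normalized}` };
  }
  return { ok: true, path: normalized, method: m };
}
```

In the route handler, a rejection maps to the same 400 response the existing missing-path check returns, and only the returned normalized path and method are placed into the upstream body.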